CVE-2024-12528

Name of the Vulnerable Software and Affected Versions WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress versions up to 1.7.5

Description The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the wpsurveypoll results shortcode. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Recommendations For versions up to 1.7.5, update to a version higher than 1.7.5 to resolve the issue. As a temporary workaround, consider restricting access to the wpsurveypoll results shortcode to minimize the risk of exploitation.